DOCUMENT LIBRARY
DOCUMENT LIBRARY
Products
Best Practices
Hardware Guides
Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
Hybrid Mesh Firewall
FortiGate/ FortiOS
FortiGate-5000
/
6000
/
7000
NOC Management
FortiManager
/
FortiManager Cloud
Managed Fortigate Service
LAN
FortiSwitch
FortiAP / FortiWiFi
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
More >>
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Lacework FortiCNAPP
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Web Application / API Protection
FortiWeb
FortiADC
FortiDAST
More >>
Security Operations
Security Operations Automation
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
SOC-as-a-Service (SOCaaS)
Identity
FortiAuthenticator
FortiTrust Identity
FortiPAM
Early Detection & Prevention
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiDeceptor
FortiRecon
More >>
Secure Networking
Hybrid Mesh Firewall
FortiGate/ FortiOS
FortiGate-5000
/
6000
/
7000
NOC Management
FortiManager
/
FortiManager Cloud
Managed Fortigate Service
FortiAIOps
LAN
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
Communication & Surveillance
FortiVoice
/
FortiVoice Cloud
FortiFone
FortiCamera
FortiRecorder
FortiCentral
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Cloud-Native Security
Lacework FortiCNAPP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiADC
FortiDAST
Security Operations
Security Operations Automation
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
Endpoint
FortiClient
/
FortiClient Cloud
FortiEDR/XDR
Data Protection
FortiDLP
FortiDLP Agent
FortiDLP Policies
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken
/
FortiToken Cloud
FortiPAM
Email
FortiMail
FortiPhish
Early Detection & Prevention
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiDeceptor
FortiRecon
Expert Services
SOC-as-a-Service (SOCaaS)
Edge Firewall
FortiGate/FortiOS
FortiGate-5000
/
6000
/
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
Overlay-as-a-Service
SD Branch
FortiSwitch
FortiAP / FortiWiFi
FortiExtender
/
FortiExtender Cloud
Application Delivery
FortiADC
/
FortiGSLB
Single Vendor SASE
FortiSASE
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Secure Private Access
Secure SD-WAN
Zero Trust Network Access (ZTNA)
Thin Edge
FortiGate/ FortiOS
FortiAP / FortiWiFi
FortiExtender
/
FortiExtender Cloud
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Application Gateway
FortiGate/ FortiOS
FortiProxy
FortiADC
/
FortiGSLB
Enterprise Asset Management
FortiClient EMS
Endpoint Agent
FortiClient
/
FortiClient Cloud
Agentless Security Posture
FortiNAC-F
FortiSIEM
/
FortiSIEM Cloud
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Wireless
FortiAP / FortiWiFi
FortiAP-U Series
FortiGate Cloud
Switching
FortiSwitch
FortiEdge Cloud
FortiNAC-F
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Privilege Acccess Management
FortiPAM
Next Generation Firewall
FortiGate / FortiOS
FortiGate-5000
/
6000
/
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
Expert Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
All
FortiADC Public Cloud
FortiAnalyzer Public Cloud
FortiAuthenticator Public Cloud
FortiDeceptor Public Cloud
FortiGate Public Cloud
FortiIsolator Public Cloud
FortiManager Public Cloud
FortiNDR Public Cloud
FortiPAM Public Cloud
FortiPortal Public Cloud
FortiProxy Public Cloud
FortiSandbox Public Cloud
FortiTester Public Cloud
FortiVoice Public Cloud
FortiWeb Manager Public Cloud
FortiWeb Public Cloud
All
FortiADC Private Cloud
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Private Cloud
FortiAuthenticator Private Cloud
FortiDeceptor Private Cloud
FortiGate Private Cloud
FortiManager Private Cloud
FortiNDR Private Cloud
FortiPAM Private Cloud
FortiProxy Private Cloud
FortiSandbox Private Cloud
FortiTester Private Cloud
FortiVoice Private Cloud
FortiWeb Manager Private Cloud
FortiWeb Private Cloud
Account Management
FortiCloud Services
SAAS Management
FortiGate Cloud
FortiEdge Cloud
FortiEdge Cloud
FortiExtender Cloud
FortiPresence Cloud
FortiToken Cloud
FortiTrust Identity
FortiZTP
FortiCamera Cloud
SAAS Application Security
FortiWeb Cloud
FortiGSLB
FortiCASB
FortiCNP
FortiInsight
FortiPhish
FortiGate CNF
Managed Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
Platform as a service (PAAS)
FortiSASE
FortiAnalyzer Cloud
FortiManager Cloud
FortiClient Cloud
FortiSandbox Cloud
FortiMail Cloud
FortiSOAR Cloud
Other SAAS Services
Overlay-as-a-Service
FortiRecon
FortiConverter
ForiIPAM
FortiFlex
FortiCare Elite
4D Resources
Solution Hubs
Define, design, deploy, demo
4D Pillars
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Curated Links by Solution
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
Next Generation Firewall
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiGate
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Search documents and hardware ...
Administration Guide
Getting started
Summary of steps
Setting up FortiProxy for management access
Configuring basic settings
Registering FortiProxy
Configuring a policy
Backing up the configuration
Troubleshooting your installation
Using the GUI
Connecting using a web browser
Menus
Tables
Entering values
Text strings
Numbers
GUI-based global search
Loading artifacts from a CDN
Accessing online documentation
Recovering missing graphical components
Using the CLI
Connecting to the CLI
CLI basics
Command syntax
Subcommands
Permissions
CLI error codes
Configuration and management
Accessing Fortinet Developer Network
Product registration with FortiCare
FortiCare and FortiGate Cloud login
FortiCare Register button
Transfer a device to another FortiCloud account
Deregistering a FortiProxy
FortiProxy models
Supported protocols
Deployments
Transparent and NAT/route modes
Web proxy
WAN optimization
Web caching
WCCP
Dashboard
FortiView
FortiView dependencies
FortiView interface
FortiView consoles
FortiView Applications console
FortiView Cloud Applications console
FortiView Countries/Regions console
FortiView Destination Firewall Objects console
To enable address object UUID logging in the CLI:
FortiView Destination Interfaces console
FortiView Destination Owners console
FortiView Destinations console
FortiView Interface Pairs console
FortiView Policies console
FortiView Search Phrases console
FortiView Servers console
FortiView Sessions console
To view session data using the CLI:
To view session data with filters using the CLI:
FortiView Source Firewall Objects console
To enable address object UUID logging in the CLI:
FortiView Source Interfaces console
FortiView Sources console
FortiView Sources - WAN console
FortiView VPN console
FortiView Web Categories console
FortiView Web Sites console
Using the process monitor
Proxy Settings
Explicit Proxy
Create or edit an explicit proxy
Secure explicit proxy
Proxy chaining
Forward HTTPS requests to a web server without the need for an HTTP CONNECT message
HTTP connection coalescing and concurrent multiplexing for explicit proxy
Display CORS content in explicit proxy
Web Proxy Setting
Logging client IP for forward traffic and HTTP transaction
Web Proxy Profile
Create or edit a web proxy profile
Create or edit an HTTP header
Restricted SaaS access
Forwarding Server
Create or edit a forwarding server
Grouping forwarding servers and load balancing traffic to the servers
Server URL
Create or edit a URL match entry
FTP Proxy
Proxy Options
Create or edit a proxy option profile
Create a CIFS proxy option
SSL Keyring
Network
Interfaces
Create or edit an interface
Aggregation
Create or edit a zone
GRE Tunnel
Create or edit a GRE tunnel
DNS Settings
Using the FortiProxy unit as an IPv6 DDNS client for generic DDNS
Use DNS over TLS for default FortiGuard DNS servers
Alternate DNS servers
DNS Service
Create or edit a DNS service
Create or edit a DNS zone
Create or edit a DNS entry
Diagnostics
Static routes
Create or edit a static route
Policy routes
VXLAN
Zero Trust Network Access
Zero Trust Network Access introduction
Establish device identity and trust context with FortiClient EMS
SSL certificate based authentication
Basic ZTNA configuration
ZTNA advanced configurations
ZTNA policy access control of unmanageable and unknown devices
HTTP2 connection coalescing and concurrent multiplexing for ZTNA
ZTNA configuration examples
ZTNA HTTPS access proxy example
ZTNA HTTPS access proxy with basic authentication example
ZTNA TCP forwarding access proxy example
ZTNA SSH access proxy example
ZTNA application gateway with SAML authentication example
Secure LDAP connection from FortiAuthenticator with zero trust tunnel example
ZTNA IP MAC based access control example
UTM scanning on TCP forwarding access proxy traffic
ZTNA inline CASB for SaaS application access control
ZTNA troubleshooting and debugging commands
ZTNA troubleshooting scenarios
Policy & Objects
Policy
Create or edit a policy
Policy matching using applications
SSH policy matching
HTTP2 connection coalescing and concurrent multiplexing for virtual server load balancing
Authentication Rules
Create or edit an authentication rule
Create or edit an authentication scheme
Agentless NTLM support
Domain name source when doing NTLM authentication
Proxy Auth Setting
Traffic shaping
Traffic shaping policies
Create or edit a traffic-shaping policy
Traffic shaping profile
Traffic shapers
Shared traffic shaper
Per-IP traffic shaper
Changing traffic shaper bandwidth unit of measurement
Multi-stage DSCP marking and class ID in traffic shapers
DSCP marking in firewall shaping policies
Examples
Interface-based traffic shaping profile
Ingress traffic shaping profile
Isolator Setting
Servers
Profiles
Setting
DNS Lookup
Central SNAT
Create or edit a central SNAT policy
PAC Policy
Create or edit a PAC policy
Edit a PAC file
Policy Test
URL Lookup
Decrypted Traffic Mirror
Addresses
Create or edit an address
Proxy address
Create or edit an address group
Create or edit an IPv6 address template
Edit a subnet segment
Internet Service Database
Services
Create or edit an application service
Create or edit a service
Create or edit a service group
Create a service category
Schedules
Create or edit a schedule
Create or edit a schedule group
Virtual IPs
Create or edit a virtual IP
Create or edit a virtual IP group
IPÂ Pools
Create or edit an IPÂ pool
Security Profiles
Antivirus
Create or edit an antivirus profile
Using FortiSandbox post-transfer scanning with antivirus
FortiSandbox inline scanning
Using FortiNDR inline scanning with antivirus
Exempt list for files based on individual hash
Web Filter
Create or edit a web filter profile
Create or edit a URL filter
Create or edit a content filter
FortiGuard filter
Video Filter
Create or edit a video filter profile
Create or edit a channel override entry
DNS Filter
Create or edit a DNS filter profile
Create or edit a domain filter
Create or edit a DNS translation entry
HTTP3 deep inspection, QUIC certificate inspection, DNS over QUIC and DNS over HTTP3 for transparent and local-in DNS modes
Application Control
Create or edit an application sensor
Create or edit a default network service
Add or edit an application override
Add or edit a filter override
Inline CASB
Intrusion Prevention
Create or edit an IPS sensor
Add or edit an IPS signature or filter
File Filter
Create or edit a file filter profile
Create or edit a file filter rule
SSL/SSH Inspection
Create or edit an SSL/SSH inspection profile
Control TLS connections that utilize Encrypted Client Hello
Application Signatures
Create or edit an application signature
Create or edit an application group
IPS Signatures
Create or edit an IPS signature
Web Rating Overrides
Create or edit a web rating override
Create or edit a custom category
Web Risk Overrides NEW
Web Profile Overrides
Create or edit a web profile override
Profile Groups
Web Filter Risk Level NEW
Data Loss Prevention
DLP techniques
Basic DLP settings
Advanced DLP configurations
DLP fingerprinting
Sensitivity labels
Exact data matching
DLP examples
Block HTTPS upload traffic that includes credit card information
Log FTP upload traffic with a specific pattern
Block HTTPS downloads of EXE files and log HTTPS downloads of files larger than 500 KB
Block HTTPS upload traffic that includes Visa or Mastercard information using evaluation via logical expression
Proximity search
DLP File Pattern
Create or edit a DLP file pattern
Content Analyses
Image Analysis
Create or edit an Image Analysis profile
ICAP Profile
Create or edit an ICAP profile
ICAP Remote Server
Create or edit an ICAP remote server
ICAP Load Balancing
ICAP Local Server
Create or edit an ICAP local server
Create or edit an ICAP service
ICAP scanning with FTP
WAN Optimization
Profiles
Create or edit a WAN optimization profile
Peers
Create or edit a WAN optimization peer
Authentication Groups
Create or edit an authentication group
Web Cache
Settings
Prefetch URLs
Reverse Cache Server
Create or edit a reverse cache server
Prefetch File
Create or edit a prefetch file
WCCP Settings
WCCP service groups, numbers, IDs, and well-known services
WCCP configuration overview
Example: Caching HTTP sessions
WCCP packet flow
Configure forward and return methods and adding authentication
WCCP messages
Troubleshooting WCCP
User Agent
Create or edit a user agent
VPN
IPsec Tunnels
Edit an IPsec tunnel
IPsec Wizard
Create a custom VPN tunnel
IPsec Tunnel Template
User & Authentication
User Definition
Creating or editing a user
User Groups
Create or edit a user group
Guest Management
Create or edit a guest user account
Create multiple guest user accounts
LDAP Servers
Create or edit an LDAP server
Creating an administrator that can be authenticated by an LDAP server
RADIUS Servers
Create or edit a RADIUS server
TACACS+ Servers
Create or edit a TACACS server
Kerberos
Create or edit a Kerberos authentication service
SAML
Create or edit a SAML server
FortiTokens
Registering and activating a hard token
Assigning a FortiToken to a user account
Activating a mobile token
Managing FortiTokens
FortiToken Cloud
Synchronizing LDAP Active Directory users to FortiToken Cloud using the two-factor filter
Troubleshooting and diagnosis
System
Administrators
Create or edit an administrator
Create or edit a REST API administrator
Admin Profiles
Create or edit an administrator profile
Fabric Management
Upgrading individual device firmware
Authorizing devices
Downloading a firmware image
Settings
Using the default certificate for HTTPS administrative access
TLS configuration
Trusted platform module support
VDOM
Configuration
Transparent mode management
Backing up and restoring configurations in multi VDOM mode
HA
HA virtual cluster setup
HA cluster out-of-band management
Upgrading FortiProxies in an HA cluster
SNMP
Fortinet MIBs
SNMP agent
Create or edit an SNMP community
Create or edit an SNMP user
Replacement Messages
Replacement Message Groups
FortiGuard
Licensing in air-gap environments
Feature Visibility
Certificates
Certificate list
Certificate Signing Requests
Import a local certificate
Import a CA certificate
Upload a remote certificate
Import a CRL
View certificate details
Default certificate authority
FortiProxy encryption algorithm cipher suites
Integrating FortiProxy with SafeNet Luna Network HSM
Configuration backups and reset
Security Fabric
Automation stitches
Creating automation stitches
Default automation stitches
Incoming Webhook Quarantine stitch
Triggers
FortiProxy event log trigger
Certificate expiration trigger
Actions
VMware NSX security tag action
VMware NSX-T security tag action
Replacement messages for email alerts
Slack Notification action
Microsoft Teams Notification action
AWS Lambda action
Azure Function action
Google Cloud Function action
AliCloud Function action
CLI script action
Execute a CLI script based on CPU and memory thresholds
Webhook action
Slack integration webhook
Microsoft Teams integration webhook
Fabric Connectors
Configuring logging and analytics
Configuring FortiAnalyzer
Configuring cloud logging
External Connectors
Asset Identity Center
Log & Report
Types of logs
System Events
Security Events
Reports
FortiAnalyzer reports
Local reports
Log settings
Email Alert Settings
Port Exhaustion Alert
Logging to FortiAnalyzer
FortiAnalyzer log caching
Configuring multiple FortiAnalyzers (or syslog servers) per VDOM
Configuring multiple FortiAnalyzers on a FortiProxy in multi-VDOM mode
Appendices
Perl regular expressions
Preload cache content and web crawler
Automatic backup to an FTP or TFTP server
Custom signature keywords
FortiProxy bypass mode
Formatting and loading FortiProxy firmware image using TFTP
Change log
Home
FortiProxy 7.4.5
Administration Guide
7.4.5
7.6.0
7.4.6
7.4.5
7.4.4
7.4.3
7.4.2
7.4.1
7.4.0
7.2.12
7.2.11
7.2.10
7.2.9
7.2.8
7.2.7
7.2.0
7.0.19
7.0.17
7.0.0
2.0.0
1.2.0
1.1.0
1.0.0
Isolator Setting
Isolator Setting
Configure an isolator server, profile, or setting:
Servers
Profiles
Setting
.
Previous
Next
Isolator Setting
Isolator Setting
Configure an isolator server, profile, or setting:
Servers
Profiles
Setting
.
Previous
Next
Home
Product Pillars
Network Security
Network Security
FortiGate / FortiOS
FortiGate 5000
FortiGate 6000
FortiGate 7000
FortiProxy
NOC & SOC Management
FortiManager
FortiManager Cloud
FortiAnalyzer
FortiAnalyzer Cloud
FortiMonitor
FortiGate Cloud
Enterprise Networking
Secure SD-WAN
FortiLAN Cloud
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiNAC-F
FortiExtender
FortiExtender Cloud
FortiAIOps
Business Communications
FortiFone
FortiVoice
FortiVoice Cloud
FortiRecorder
FortiCamera
Zero Trust Access
ZTNA
Zero Trust Network Access
FortiClient EMS
SASE
FortiSASE
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Cloud Security
Hybrid Cloud Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiFlex
Cloud Native Protection
FortiCNP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiWeb Cloud
FortiADC
FortiGSLB
FortiGuard ABP
SAAS Security
FortiMail
FortiMail Cloud
FortiCASB
Security Operations
SOC Platform
FortiAnalyzer
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
FortiPhish
Advanced Threat Protection
FortiSandbox
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiInsight
FortiInsight Cloud
FortiIsolator
Endpoint Security
FortiClient
FortiClient Cloud
FortiEDR
Best Practices
Solution Hubs
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Next Generation Firewall
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
4-D Resources
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Hardware Guides
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
Product A-Z
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Ordering Guides
Download PDF
Table of Contents
Getting started
Summary of steps
Setting up FortiProxy for management access
Configuring basic settings
Registering FortiProxy
Configuring a policy
Backing up the configuration
Troubleshooting your installation
Using the GUI
Connecting using a web browser
Menus
Tables
Entering values
Text strings
Numbers
GUI-based global search
Loading artifacts from a CDN
Accessing online documentation
Recovering missing graphical components
Using the CLI
Connecting to the CLI
CLI basics
Command syntax
Subcommands
Permissions
CLI error codes
Configuration and management
Accessing Fortinet Developer Network
Product registration with FortiCare
FortiCare and FortiGate Cloud login
FortiCare Register button
Transfer a device to another FortiCloud account
Deregistering a FortiProxy
FortiProxy models
Supported protocols
Deployments
Transparent and NAT/route modes
Web proxy
WAN optimization
Web caching
WCCP
Dashboard
FortiView
FortiView dependencies
FortiView interface
FortiView consoles
FortiView Applications console
FortiView Cloud Applications console
FortiView Countries/Regions console
FortiView Destination Firewall Objects console
To enable address object UUID logging in the CLI:
FortiView Destination Interfaces console
FortiView Destination Owners console
FortiView Destinations console
FortiView Interface Pairs console
FortiView Policies console
FortiView Search Phrases console
FortiView Servers console
FortiView Sessions console
To view session data using the CLI:
To view session data with filters using the CLI:
FortiView Source Firewall Objects console
To enable address object UUID logging in the CLI:
FortiView Source Interfaces console
FortiView Sources console
FortiView Sources - WAN console
FortiView VPN console
FortiView Web Categories console
FortiView Web Sites console
Using the process monitor
Proxy Settings
Explicit Proxy
Create or edit an explicit proxy
Secure explicit proxy
Proxy chaining
Forward HTTPS requests to a web server without the need for an HTTP CONNECT message
HTTP connection coalescing and concurrent multiplexing for explicit proxy
Display CORS content in explicit proxy
Web Proxy Setting
Logging client IP for forward traffic and HTTP transaction
Web Proxy Profile
Create or edit a web proxy profile
Create or edit an HTTP header
Restricted SaaS access
Forwarding Server
Create or edit a forwarding server
Grouping forwarding servers and load balancing traffic to the servers
Server URL
Create or edit a URL match entry
FTP Proxy
Proxy Options
Create or edit a proxy option profile
Create a CIFS proxy option
SSL Keyring
Network
Interfaces
Create or edit an interface
Aggregation
Create or edit a zone
GRE Tunnel
Create or edit a GRE tunnel
DNS Settings
Using the FortiProxy unit as an IPv6 DDNS client for generic DDNS
Use DNS over TLS for default FortiGuard DNS servers
Alternate DNS servers
DNS Service
Create or edit a DNS service
Create or edit a DNS zone
Create or edit a DNS entry
Diagnostics
Static routes
Create or edit a static route
Policy routes
VXLAN
Zero Trust Network Access
Zero Trust Network Access introduction
Establish device identity and trust context with FortiClient EMS
SSL certificate based authentication
Basic ZTNA configuration
ZTNA advanced configurations
ZTNA policy access control of unmanageable and unknown devices
HTTP2 connection coalescing and concurrent multiplexing for ZTNA
ZTNA configuration examples
ZTNA HTTPS access proxy example
ZTNA HTTPS access proxy with basic authentication example
ZTNA TCP forwarding access proxy example
ZTNA SSH access proxy example
ZTNA application gateway with SAML authentication example
Secure LDAP connection from FortiAuthenticator with zero trust tunnel example
ZTNA IP MAC based access control example
UTM scanning on TCP forwarding access proxy traffic
ZTNA inline CASB for SaaS application access control
ZTNA troubleshooting and debugging commands
ZTNA troubleshooting scenarios
Policy & Objects
Policy
Create or edit a policy
Policy matching using applications
SSH policy matching
HTTP2 connection coalescing and concurrent multiplexing for virtual server load balancing
Authentication Rules
Create or edit an authentication rule
Create or edit an authentication scheme
Agentless NTLM support
Domain name source when doing NTLM authentication
Proxy Auth Setting
Traffic shaping
Traffic shaping policies
Create or edit a traffic-shaping policy
Traffic shaping profile
Traffic shapers
Shared traffic shaper
Per-IP traffic shaper
Changing traffic shaper bandwidth unit of measurement
Multi-stage DSCP marking and class ID in traffic shapers
DSCP marking in firewall shaping policies
Examples
Interface-based traffic shaping profile
Ingress traffic shaping profile
Isolator Setting
Servers
Profiles
Setting
DNS Lookup
Central SNAT
Create or edit a central SNAT policy
PAC Policy
Create or edit a PAC policy
Edit a PAC file
Policy Test
URL Lookup
Decrypted Traffic Mirror
Addresses
Create or edit an address
Proxy address
Create or edit an address group
Create or edit an IPv6 address template
Edit a subnet segment
Internet Service Database
Services
Create or edit an application service
Create or edit a service
Create or edit a service group
Create a service category
Schedules
Create or edit a schedule
Create or edit a schedule group
Virtual IPs
Create or edit a virtual IP
Create or edit a virtual IP group
IPÂ Pools
Create or edit an IPÂ pool
Security Profiles
Antivirus
Create or edit an antivirus profile
Using FortiSandbox post-transfer scanning with antivirus
FortiSandbox inline scanning
Using FortiNDR inline scanning with antivirus
Exempt list for files based on individual hash
Web Filter
Create or edit a web filter profile
Create or edit a URL filter
Create or edit a content filter
FortiGuard filter
Video Filter
Create or edit a video filter profile
Create or edit a channel override entry
DNS Filter
Create or edit a DNS filter profile
Create or edit a domain filter
Create or edit a DNS translation entry
HTTP3 deep inspection, QUIC certificate inspection, DNS over QUIC and DNS over HTTP3 for transparent and local-in DNS modes
Application Control
Create or edit an application sensor
Create or edit a default network service
Add or edit an application override
Add or edit a filter override
Inline CASB
Intrusion Prevention
Create or edit an IPS sensor
Add or edit an IPS signature or filter
File Filter
Create or edit a file filter profile
Create or edit a file filter rule
SSL/SSH Inspection
Create or edit an SSL/SSH inspection profile
Control TLS connections that utilize Encrypted Client Hello
Application Signatures
Create or edit an application signature
Create or edit an application group
IPS Signatures
Create or edit an IPS signature
Web Rating Overrides
Create or edit a web rating override
Create or edit a custom category
Web Risk Overrides NEW
Web Profile Overrides
Create or edit a web profile override
Profile Groups
Web Filter Risk Level NEW
Data Loss Prevention
DLP techniques
Basic DLP settings
Advanced DLP configurations
DLP fingerprinting
Sensitivity labels
Exact data matching
DLP examples
Block HTTPS upload traffic that includes credit card information
Log FTP upload traffic with a specific pattern
Block HTTPS downloads of EXE files and log HTTPS downloads of files larger than 500 KB
Block HTTPS upload traffic that includes Visa or Mastercard information using evaluation via logical expression
Proximity search
DLP File Pattern
Create or edit a DLP file pattern
Content Analyses
Image Analysis
Create or edit an Image Analysis profile
ICAP Profile
Create or edit an ICAP profile
ICAP Remote Server
Create or edit an ICAP remote server
ICAP Load Balancing
ICAP Local Server
Create or edit an ICAP local server
Create or edit an ICAP service
ICAP scanning with FTP
WAN Optimization
Profiles
Create or edit a WAN optimization profile
Peers
Create or edit a WAN optimization peer
Authentication Groups
Create or edit an authentication group
Web Cache
Settings
Prefetch URLs
Reverse Cache Server
Create or edit a reverse cache server
Prefetch File
Create or edit a prefetch file
WCCP Settings
WCCP service groups, numbers, IDs, and well-known services
WCCP configuration overview
Example: Caching HTTP sessions
WCCP packet flow
Configure forward and return methods and adding authentication
WCCP messages
Troubleshooting WCCP
User Agent
Create or edit a user agent
VPN
IPsec Tunnels
Edit an IPsec tunnel
IPsec Wizard
Create a custom VPN tunnel
IPsec Tunnel Template
User & Authentication
User Definition
Creating or editing a user
User Groups
Create or edit a user group
Guest Management
Create or edit a guest user account
Create multiple guest user accounts
LDAP Servers
Create or edit an LDAP server
Creating an administrator that can be authenticated by an LDAP server
RADIUS Servers
Create or edit a RADIUS server
TACACS+ Servers
Create or edit a TACACS server
Kerberos
Create or edit a Kerberos authentication service
SAML
Create or edit a SAML server
FortiTokens
Registering and activating a hard token
Assigning a FortiToken to a user account
Activating a mobile token
Managing FortiTokens
FortiToken Cloud
Synchronizing LDAP Active Directory users to FortiToken Cloud using the two-factor filter
Troubleshooting and diagnosis
System
Administrators
Create or edit an administrator
Create or edit a REST API administrator
Admin Profiles
Create or edit an administrator profile
Fabric Management
Upgrading individual device firmware
Authorizing devices
Downloading a firmware image
Settings
Using the default certificate for HTTPS administrative access
TLS configuration
Trusted platform module support
VDOM
Configuration
Transparent mode management
Backing up and restoring configurations in multi VDOM mode
HA
HA virtual cluster setup
HA cluster out-of-band management
Upgrading FortiProxies in an HA cluster
SNMP
Fortinet MIBs
SNMP agent
Create or edit an SNMP community
Create or edit an SNMP user
Replacement Messages
Replacement Message Groups
FortiGuard
Licensing in air-gap environments
Feature Visibility
Certificates
Certificate list
Certificate Signing Requests
Import a local certificate
Import a CA certificate
Upload a remote certificate
Import a CRL
View certificate details
Default certificate authority
FortiProxy encryption algorithm cipher suites
Integrating FortiProxy with SafeNet Luna Network HSM
Configuration backups and reset
Security Fabric
Automation stitches
Creating automation stitches
Default automation stitches
Incoming Webhook Quarantine stitch
Triggers
FortiProxy event log trigger
Certificate expiration trigger
Actions
VMware NSX security tag action
VMware NSX-T security tag action
Replacement messages for email alerts
Slack Notification action
Microsoft Teams Notification action
AWS Lambda action
Azure Function action
Google Cloud Function action
AliCloud Function action
CLI script action
Execute a CLI script based on CPU and memory thresholds
Webhook action
Slack integration webhook
Microsoft Teams integration webhook
Fabric Connectors
Configuring logging and analytics
Configuring FortiAnalyzer
Configuring cloud logging
External Connectors
Asset Identity Center
Log & Report
Types of logs
System Events
Security Events
Reports
FortiAnalyzer reports
Local reports
Log settings
Email Alert Settings
Port Exhaustion Alert
Logging to FortiAnalyzer
FortiAnalyzer log caching
Configuring multiple FortiAnalyzers (or syslog servers) per VDOM
Configuring multiple FortiAnalyzers on a FortiProxy in multi-VDOM mode
Appendices
Perl regular expressions
Preload cache content and web crawler
Automatic backup to an FTP or TFTP server
Custom signature keywords
FortiProxy bypass mode
Formatting and loading FortiProxy firmware image using TFTP
Change log